wpa (2:2.10-6ubuntu2.1) jammy-security; urgency=medium
With this release, wpa_supplicant enforces stricter security by only loading
shared objects for opensc_engine_path, pkcs11_engine_path, and
pkcs11_module_path if they are located within the /usr/lib directory. If any
shared object is outside this trusted path, wpa_supplicant will refuse to load
it and log an error:
ENGINE: Failed to load OpenSC Engine from **: Not in trusted path /usr/lib/
To comply with this new security measure, ensure that the shared objects
(actual files, not symlinks) specified in your wpa_supplicant configuration
are copied to any directory within /usr/lib. Update the configuration paths
accordingly.
-- Sudhakar Verma <sudhakar.verma@canonical.com> Mon, 05 Aug 2024 13:29:26 +0530
wpasupplicant (2:2.6-19) unstable; urgency=medium
With this release, wpasupplicant no longer respects the system
default minimum TLS version, defaulting to TLSv1.0, not TLSv1.2. If
you're sure you will never connect to EAP networks requiring anything less
than 1.2, add this to your wpasupplicant configuration:
tls_disable_tlsv1_0=1
tls_disable_tlsv1_1=1
wpasupplicant also defaults to a security level 1, instead of the system
default 2. Should you need to change that, change this setting in your
wpasupplicant configuration:
openssl_ciphers=DEFAULT@SECLEVEL=2
Unlike wpasupplicant, hostapd still respects system defaults.
-- Andrej Shadura <andrewsh@debian.org> Sat, 15 Dec 2018 14:22:18 +0100
wpasupplicant (0.6.2-1) unstable; urgency=low
The -w (wait for network interface to exist) command line option no longer
exists. If you have scripts that require this option, it is time to change
them, or use one of the two supported modes of operation explained at
/usr/share/doc/wpasupplicant/README.modes.gz.
ifupdown supports hot-plugged network devices via the "allow-hotplug" class
of operation. An example /etc/network/interfaces configuration stanza would
look like:
allow-hotplug wlan0
iface wlan0 inet dhcp
wpa-ssid myssid
wpa-psk mysecretpassphrase
network-manager is also able to handle hot-plugged network devices.
-- Kel Modderman <kel@otaku42.de> Mon, 14 Jan 2008 18:02:17 +1000
Generated by dwww version 1.14 on Mon Apr 7 20:46:13 CEST 2025.